47725 matches found
CVE-2025-48722 Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-48722 Qsync Central
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-48725
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero...
CVE-2025-54147
A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4...
CVE-2025-54152
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed the vulnerability in the following version: Qsync Central...
CVE-2025-54152 Qsync Central
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed the vulnerability in the following version: Qsync Central...
CVE-2025-54169
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5068 and later...
CVE-2025-54170
CVE-2025-54170 describes an out-of-bounds read in Qsync Central that can be exploited by a remote attacker who has a user account to access secret data. Affected: Qsync Central; vulnerability type is out-of-bounds read in the affected component. Impact is confidentiality of secret data; attack re...
CVE-2025-57708
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...
CVE-2025-57708
CVE-2025-57708 is an allocation of resources without limits or throttling affecting Qsync Central . The root cause is resource exhaustion that can be triggered when a remote attacker gains a user account, enabling them to prevent other systems, applications, or processes from accessing the same t...
CVE-2025-57708 Qsync Central
An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We hav...
CVE-2025-62853
A path traversal vulnerability in File Station 5 allows an attacker with a user account to read contents of files and system data. Affected: File Station 5; root cause: path traversal. Impact (per metrics): confidentiality LOW, integrity HIGH, availability HIGH; exploitation requires network acce...
CVE-2025-62854 File Station 5
An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the following version: File Statio...
CVE-2025-66278 File Station 5
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-66278
A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
CVE-2025-68406
A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...
CVE-2026-22894
A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...
February Microsoft Patch Tuesday
February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six โ๏ธ vulnerabilities being exploited in the wild: ๐ป SFB/RCE - Windows Shell CVE-2026-21510 ๐ป SFB/RCE - Microsoft Word CVE-2026-21514 ๐ป SFB - MSHTML Framework CVE-2026-21513 ๐ป EoP -...
Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft
CVE-2026-21509 Mitigation Script Traditional Chinese version:...
Remote Code Execution (RCE)
@backstage/plugin-techdocs-node is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sanitization of user-controlled mkdocs.yml configuration specifically MkDocs hooks when TechDocs is configured with runIn: local, which allows an attacker to execute arbitrary Python...